Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
Chiusura improvvisa pagine internet e messenger
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
Solenry86
Mortale devoto
Mortale devoto


Registrato: 03/01/08 17:31
Messaggi: 8
MessaggioInviato: 03 Gen 2008 18:55    Oggetto: Chiusura improvvisa pagine internet e messenger Rispondi citando
Ciao a tutti! E' la prima volta che scrivo in questo forum perchè ho un problema piuttosto serio con il mio pc e non intendendomene molto ho pensato di chiedere a chi ne sa certamente di più. Preciso che non conosco i termini meno usati in materia informatica ma me la cavicchio solo un po' in generale, ma niente di più. Adesso vi espongo il mio problema.
Come sistema operativo ho windowsXP e da due giorni mi si chiudono improvvisamente sia messenger(dicendomi che si è verificato un errore) sia Internet explorer che Mozilla. Explorer e mozilla mi si chiudono solo quando vado in particolari siti, per esempio quando visito il blog di una mia amica che fino a due giorni fa visitavo tranquillamente. Messenger invece mi si chiude o quando ricevo una mail o quando chiudo una conversazione. Preciso che in questi due giorni non ho installato nulla di nuovo. Vi prego aiutatemi! Sono in crisi!!!!
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 11:05
Messaggi: 14303
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 03 Gen 2008 19:55    Oggetto: Rispondi citando
Ciao Solenry86, Ciao

Segui le istruzioni di questo topic per postare il log di hijackthis.

PS: se vuoi, puoi presentarti qui
Top
Profilo Invia messaggio privato
cosmic
Mortale devoto
Mortale devoto


Registrato: 02/01/08 13:43
Messaggi: 19
MessaggioInviato: 04 Gen 2008 10:34    Oggetto: anche a me succedeva con Internet Explorer Rispondi citando
Anche a me succedeva con Internet Explorer (messenger non lo uso)..
Accadeva con alcuni siti e pensavo che qualche plugin non funzionasse bene...

Poi ho trovato per caso questo post e ho risolto:
http://forum.zeusnews.com/viewtopic.php?t=21605&start=0&postdays=0&postorder=asc&highlight=

Non avevo nemmeno il programma Hijack, solo che ho capito che era il mio caso: un trojan faceva chiudere tutto ciò che gli "dava fastidio".

Non so se sia il tuo caso, comunque per prima cosa dovresti proprio provare HijackThis. E se non parte... Segui le istruzioni del post che ti ho indicato!
Top
Profilo Invia messaggio privato
Solenry86
Mortale devoto
Mortale devoto


Registrato: 03/01/08 17:31
Messaggi: 8
MessaggioInviato: 04 Gen 2008 11:06    Oggetto: Rispondi citando
Ciao Cosmic! Ho provato a fare quello che hai fatto tu per risolvere il problema, ma non ho risolto anche perchè i file di registro che dovevo controllare come hai fatto tu mi parevano a posto e comunque i sintomi di questa schifezza che ho nel pc sono leggermente diversi!!!
Ho apprezzato molto l'aiuto!!!! Grazie
Top
Profilo Invia messaggio privato
cosmic
Mortale devoto
Mortale devoto


Registrato: 02/01/08 13:43
Messaggi: 19
MessaggioInviato: 04 Gen 2008 11:19    Oggetto: HijackThis Rispondi citando
Quindi hai usato HijackThis?

Posta qui il log!! Very Happy

Io non sono espertona, ma tutti gli altri in questo forum sono dei veri manici!
Top
Profilo Invia messaggio privato
Solenry86
Mortale devoto
Mortale devoto


Registrato: 03/01/08 17:31
Messaggi: 8
MessaggioInviato: 04 Gen 2008 11:59    Oggetto: Rispondi citando
Ciao cosmic! Sai mica se devo postare tutto su pronto soccorso Zeus? Perchè ho letto così! Scusa se ti chiedo queste cose, ma sono nuovo.
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 11:05
Messaggi: 14303
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 04 Gen 2008 12:21    Oggetto: Rispondi citando
Si, alleghi il log nella tua prossima risposta a questo thread. Smile
Top
Profilo Invia messaggio privato
Solenry86
Mortale devoto
Mortale devoto


Registrato: 03/01/08 17:31
Messaggi: 8
MessaggioInviato: 04 Gen 2008 15:06    Oggetto: Rispondi citando
Preciso che prima di fare il log di hijack ho applicato tutte le procedure per limitare al minimo il log, nel senso che ho scansionato con i diversi antivirus, antispyware ecc, in modalità provvisoria e non come ho letto in un post per facilitare il compito a chi analizzerà il mio log di hijack. Prima di fare il log inoltre ho chiuso tutti i programmi p2p, messenger ecc. Spero di aver fatto tutto a modo. Se non dovesse andare bene qualcosa vi prego di dirmi cosa fare di preciso, o comunque il meglio possibile, perchè sono veramente inesperto in materia. Intanto vi ringrazio moltissimo per la pazienza e la cortesia.
Il log di hijack è il seguente:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.56.29, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
D:\Programmi\Powercinema4.0\PCMService.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
D:\Programmi\Office 2007\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
D:\Programmi\Powercinema4.0\Kernel\TV\CLCapSvc.exe
C:\Programmi\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Programmi\Powercinema4.0\Kernel\TV\CLSched.exe
D:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Soleto Enrico\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PC-CAM 300 STI App Registration] RunDLL32.exe Pd016pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PCMService] "D:\Programmi\Powercinema4.0\PCMService.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\Programmi\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Orbit.lnk = D:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download all by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programmi\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programmi\PPLive\PPLive.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://solenry.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Programmi\Powercinema4.0\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Programmi\Powercinema4.0\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programmi\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 13438 bytes
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 11:05
Messaggi: 14303
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 04 Gen 2008 15:12    Oggetto: Rispondi citando
Il log di hijackthis sembra pulito.
Segui le istruzioni di questo topic per postare il log di combofix.
Top
Profilo Invia messaggio privato
Solenry86
Mortale devoto
Mortale devoto


Registrato: 03/01/08 17:31
Messaggi: 8
MessaggioInviato: 04 Gen 2008 15:34    Oggetto: Rispondi citando
Il log di combofix è il seguente:
ComboFix 08-01-04.1 - Soleto Enrico 2008-01-04 15:21:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.169 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Soleto Enrico\Desktop\ComboFix(1).exe
.

((((((((((((((((((((((((( Files Creati Da 2007-12-04 al 2008-01-04 )))))))))))))))))))))))))))))))))))
.

2008-01-04 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 15:15 . 2008-01-04 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-01-04 12:19 . 2008-01-04 12:19 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-01-04 12:18 . 2008-01-04 12:18 <DIR> d-------- C:\Programmi\Yahoo!
2008-01-04 12:18 . 2008-01-04 12:18 <DIR> d-------- C:\Programmi\CCleaner
2008-01-04 12:17 . 2008-01-04 15:21 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-04 12:13 . 2008-01-04 12:13 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Bitdefender
2008-01-04 12:11 . 2008-01-04 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BitDefender
2008-01-04 12:07 . 2008-01-04 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-04 12:04 . 2008-01-04 12:04 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-04 00:27 . 2008-01-04 00:27 <DIR> d-------- C:\HiJackThis
2008-01-03 15:33 . 2008-01-03 15:33 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-03 15:00 . 2008-01-03 15:00 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-03 15:00 . 2008-01-03 15:00 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-03 15:00 . 2008-01-03 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-03 12:47 . 2008-01-04 12:23 <DIR> d-------- C:\VEXPLITE
2008-01-03 12:47 . 2008-01-03 12:50 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-01-03 12:18 . 2008-01-03 12:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 00:16 . 2008-01-03 00:16 <DIR> d-------- C:\Programmi\Microsoft IntelliPoint
2008-01-03 00:12 . 2008-01-04 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-01-02 22:14 . 2008-01-03 00:11 <DIR> d-------- C:\Programmi\MSN Messenger
2007-12-28 20:48 . 2007-12-28 20:48 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-12-28 20:48 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-28 20:48 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-28 20:46 . 2007-12-28 20:46 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\PCF-VLC
2007-12-28 18:48 . 2007-12-28 18:48 <DIR> d-------- C:\Programmi\WIBUKEY
2007-12-28 18:48 . 2007-12-28 18:48 <DIR> d-------- C:\Programmi\WIBU-SYSTEMS
2007-12-28 18:48 . 2001-12-27 10:59 716,800 --a------ C:\WINDOWS\system32\Wibuke32.cpl
2007-12-28 18:48 . 2001-12-27 10:59 139,264 --a------ C:\WINDOWS\system32\WkWin32.dll
2007-12-28 18:48 . 2001-12-27 10:59 67,072 --a------ C:\WINDOWS\system32\drivers\Wibukey.sys
2007-12-28 18:48 . 2001-12-27 10:59 57,552 --a------ C:\WINDOWS\system32\WKDOS.EXE
2007-12-28 18:48 . 2001-12-27 10:59 52,736 --a------ C:\WINDOWS\system\WkWin.dll
2007-12-28 18:48 . 2001-12-27 10:59 29,696 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2007-12-28 18:47 . 2007-12-28 18:47 <DIR> d-------- C:\Programmi\Motorola
2007-12-28 18:47 . 2001-06-12 14:04 244,024 --a------ C:\WINDOWS\system32\msflxgrd.ocx
2007-12-28 18:47 . 2004-03-08 10:18 77,895 --a------ C:\WINDOWS\system32\unibus_tcutil.dll
2007-12-28 18:47 . 2005-07-20 14:35 36,480 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-12-27 13:32 . 2007-12-28 18:39 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2007-12-27 12:50 . 2007-12-28 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Adobe(3)
2007-12-27 12:42 . 2007-12-28 18:40 <DIR> d-------- C:\Programmi\Spyware Doctor
2007-12-27 12:38 . 2007-12-28 20:48 <DIR> d-------- C:\Programmi\Picasa2
2007-12-27 12:36 . 2008-01-03 15:32 <DIR> d-------- C:\Programmi\Norton Security Scan
2007-12-25 20:03 . 2007-12-25 20:03 <DIR> d-------- C:\Programmi\Alice ti aiuta
2007-12-12 12:58 . 2007-12-12 12:58 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Participatory Culture Foundation
2007-12-11 22:26 . 2007-12-16 11:29 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\SopCast
2007-12-10 23:33 . 2007-12-10 23:33 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Windows Live Writer
2007-12-10 23:30 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-10 23:26 . 2007-12-10 23:26 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-10 22:39 . 2007-12-10 22:45 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-10 22:38 . 2008-01-02 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-10 22:37 . 2007-12-11 09:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-10 21:52 . 2008-01-02 21:30 <DIR> d-------- C:\Programmi\Windows Live
2007-12-10 21:52 . 2007-12-10 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2007-12-09 10:49 . 2008-01-02 21:29 <DIR> d-------- C:\Programmi\Google
2007-12-08 13:20 . 2007-12-08 13:20 <DIR> d-------- C:\MicroGaming
2007-12-07 15:26 . 2007-12-07 15:26 118,762 --a------ C:\WINDOWS\PCTelevision Uninstaller.exe
2007-12-06 20:39 . 2007-12-06 20:39 <DIR> d-------- C:\ppmaterecord
2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Programmi\File comuni\Synacast
2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\PPMate
2007-12-06 20:08 . 2007-12-06 20:08 <DIR> d-------- C:\WINDOWS\system32\PPLive
2007-12-06 20:05 . 2007-12-06 20:05 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\PPLive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 14:19 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Orbit
2008-01-03 17:36 --------- d-----w C:\Programmi\eMule
2008-01-03 15:31 --------- d-----w C:\Programmi\Java
2008-01-03 14:37 --------- d-----w C:\Programmi\Windows Live Toolbar
2007-12-28 17:47 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-27 12:52 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Skype
2007-12-27 11:50 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-18 21:41 --------- d-----w C:\Programmi\KONAMI
2007-12-12 13:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-12-10 17:28 --------- d-----w C:\Programmi\Coolstreaming_Tool-Bar_v1.0
2007-11-25 17:31 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\TVU Networks
2007-11-25 17:23 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\OTVREG
2007-11-25 16:19 --------- d-----w C:\Programmi\Windows Live Safety Center
2007-11-21 08:25 --------- d--h--r C:\Documents and Settings\Soleto Enrico\Dati applicazioni\SecuROM
2007-11-20 21:54 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-20 17:02 --------- d-----w C:\Programmi\File comuni\EPSON
2007-11-20 17:01 --------- d-----w C:\Programmi\EPSON
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:18 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Autodesk
2007-11-11 22:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-11-11 22:14 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2007-11-11 22:13 --------- d-----w C:\Programmi\AnswerWorks 4.0
2007-11-11 22:07 --------- d-----w C:\Programmi\Autodesk
2007-11-10 13:54 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-10 13:54 --------- d-----w C:\Programmi\Replay Converter
2007-11-10 12:11 35,328 ----a-w C:\WINDOWS\cygz.dll
2007-11-10 12:11 1,126,281 ----a-w C:\WINDOWS\cygwin1.dll
2007-11-05 21:24 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Apple Computer
2007-11-05 12:52 --------- d-----w C:\Programmi\Apple Software Update
2007-11-05 12:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-11-05 12:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-11-04 12:29 --------- d-----w C:\Programmi\MSXML 4.0
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 00:47 7573504]
"nwiz"="nwiz.exe" [2006-04-28 00:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-04-28 00:47 86016 C:\WINDOWS\system32\nvmctray.dll]
"CTHelper"="CTHELPER.EXE" [2003-06-09 03:07 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"PC-CAM 300 STI App Registration"="Pd016pin.dll" [2002-06-06 02:10 28672 C:\WINDOWS\system32\PD016Pin.dll]
"type32"="C:\Programmi\Microsoft IntelliType Pro\type32.exe" [2004-03-19 05:30 184320]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\point32.exe" [2004-03-19 05:29 212992]
"PCMService"="D:\Programmi\Powercinema4.0\PCMService.exe" [2005-06-20 05:32 127118]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"GrooveMonitor"="D:\Programmi\Office 2007\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LanguageShortcut"="D:\Programmi\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-02 14:08 180269]
"QuickTime Task"="D:\Programmi\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"EPSON Stylus C42 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-02-19 04:03 74240]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 20:08 16050688 C:\WINDOWS\RTHDCPL.EXE]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-28 20:32 29744]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BDMCon"="C:\Programmi\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Programmi\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-12-28 20:41:12]
Orbit.lnk - D:\Programmi\Orbitdownloader\orbitdm.exe [2007-11-06 01:03:21]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 14:18:22]
WinZip Quick Pick.lnk - D:\Programmi\WinZip\WZQKPICK.EXE [2007-11-02 12:35:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 13:00]
S3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2002-06-05 02:10]
S3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2002-06-05 02:10]
S3 USB28xxBGA;Cinergy Hybrid T USB XS;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-09-06 15:11]
S3 USB28xxOEM;Cinergy T USB XS Custom Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-09-06 15:11]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 15:23:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

**************************************************************************
.
Ora fine scansione: 2008-01-04 15:27:17
.
2008-01-03 17:01:36 --- E O F ---


Il log di Hijack aggiornato dopo aver effettuato il log di combofix è il seguente:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.30.21, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
D:\Programmi\Powercinema4.0\PCMService.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
D:\Programmi\Office 2007\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
D:\Programmi\Powercinema4.0\Kernel\TV\CLCapSvc.exe
C:\Programmi\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Programmi\Powercinema4.0\Kernel\TV\CLSched.exe
D:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Soleto Enrico\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PC-CAM 300 STI App Registration] RunDLL32.exe Pd016pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PCMService] "D:\Programmi\Powercinema4.0\PCMService.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\Programmi\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Orbit.lnk = D:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download all by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programmi\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programmi\PPLive\PPLive.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://solenry.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Programmi\Powercinema4.0\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Programmi\Powercinema4.0\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programmi\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 13370 bytes
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 11:05
Messaggi: 14303
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 05 Gen 2008 10:38    Oggetto: Rispondi citando
I logs mi sembrano entrambi puliti. Think
Fai queste scansioni con GMER e posta i logs su FreeFileHosting come indicato qui.
Top
Profilo Invia messaggio privato
Solenry86
Mortale devoto
Mortale devoto


Registrato: 03/01/08 17:31
Messaggi: 8
MessaggioInviato: 05 Gen 2008 11:45    Oggetto: Rispondi citando
Ho provato ad andare nelle pagine in cui mi si chiudeva tutto e adesso funzionano. Grazie mille per l'aiuto!!!!
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 11:05
Messaggi: 14303
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 07 Gen 2008 12:20    Oggetto: Rispondi
Contento che hai risolto! Very Happy
Probabilmente ComboFix ha sistemato da solo il tuo problema. Think
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 1 ora
Pagina 1 di 1

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi